BFClass: A Backdoor-free Text Classification Framework

Zichao Li, Dheeraj Mekala, Chengyu Dong, Jingbo Shang

Abstract
Backdoor attack introduces artificial vulnerabilities into the model by poisoning a subset of the training data via injecting triggers and modifying labels. Various trigger design strategies have been explored to attack text classifiers, however, defending such attacks remains an open problem. In this work, we propose BFClass, a novel efficient backdoor-free training framework for text classification. The backbone of BFClass is a pre-trained discriminator that predicts whether each token in the corrupted input was replaced by a masked language model. To identify triggers, we utilize this discriminator to locate the most suspicious token from each training sample and then distill a concise set by considering their association strengths with particular labels. To recognize the poisoned subset, we examine the training samples with these identified triggers as the most suspicious token, and check if removing the trigger will change the poisoned model’s prediction. Extensive experiments demonstrate that BFClass can identify all the triggers, remove 95% poisoned training samples with very limited false alarms, and achieve almost the same performance as the models trained on the benign training data.
Anthology ID:
2021.findings-emnlp.40
Volume:
Findings of the Association for Computational Linguistics: EMNLP 2021
Month:
November
Year:
2021
Address:
Punta Cana, Dominican Republic
Editors:
Marie-Francine Moens, Xuanjing Huang, Lucia Specia, Scott Wen-tau Yih
Venue:
Findings
SIG:
SIGDAT
Publisher:
Association for Computational Linguistics
Note:
Pages:
444–453
Language:
URL:
https://aclanthology.org/2021.findings-emnlp.40
DOI:
10.18653/v1/2021.findings-emnlp.40
Bibkey:
Cite (ACL):
Zichao Li, Dheeraj Mekala, Chengyu Dong, and Jingbo Shang. 2021. BFClass: A Backdoor-free Text Classification Framework. In Findings of the Association for Computational Linguistics: EMNLP 2021, pages 444–453, Punta Cana, Dominican Republic. Association for Computational Linguistics.
Cite (Informal):
BFClass: A Backdoor-free Text Classification Framework (Li et al., Findings 2021)
Copy Citation:
PDF:
https://preview.aclanthology.org/add_acl24_videos/2021.findings-emnlp.40.pdf
Video:
 https://preview.aclanthology.org/add_acl24_videos/2021.findings-emnlp.40.mp4
Data
IMDb Movie ReviewsSSTSST-2
PDF Search Video